The Obama administration will appoint the first US cyber-security chief to oversee network security.

In a briefing on Friday (29/05/2009), Obama said the cyber threat was “one of the most serious economic and national security challenges” facing the US.

He said economic prosperity in the 21st century would depend on cybersecurity, and that acts of terror could come from a few computer key strokes.

“Yet we know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness,” he said, citing the cyber-attacks on Georgia last year as Russian tanks rolled into its territory.

“From now on, our digital infrastructure — the networks and computers we depend on every day — will be treated as they should be: as a strategic national asset.”

He revealed that his election campaign last year had been subject to computer attacks. “Between August and October, hackers gained access to emails and a range of campaign files, from policy position papers to travel plans,” he said.

Obama said federal agencies – such as the Pentagon, Homeland Security, the FBI, and the NSA – had overlapping missions and did not coordinate well.

“We saw this in the disorganized response to Conficker, the Internet ‘worm’ that in recent months has infected millions of computers around the world.”

The new Cybersecurity Coordinator would be a member of the National Security Staff and on the staff of the National Economic Council.

Although most critical information infrastructure was in the hands of the private sector, Obama said the government would not set standards for private companies.

IT security firms said they looked forward to seeing details of the security framework, including a new security architecture.

Separately, the Pentagon is planning a new cyberspace military command to conduct offensive and defensive operations online, Reuters reported.

“We view cyberspace as a warfighting domain that we have to be able to operate within,” said Pentagon spokesman Bryan Whitman.

Internet service providers (ISPs) face a growing problem with the rise in botnets, malware that takes control of large numbers of computers. Over the last several months, the Conficker (sometimes called “Conflicker”) botnet has infected more than 10 million machines by some estimates, dwarfing previous botnets by an order of magnitude. Security researchers have also discovered iBotnet, the first large scale Mac botnet, and Psyb0t, the first malware to take over Internet routers.

These trends pose challenges for cable operators. One task is to alert customers without frightening them. In a March 31 post to the Comcast voices blog site, Comcast Senior Director of Security and Privacy Jay Opperman described Conficker and possible preventive actions.

On the macro level, the biggest problem is the increase in Internet traffic associated with spam campaigns and distributed denial of service (DDoS) attacks, in which millions of compromised computers simultaneously send traffic to a Web site to disrupt service. Earlier this year, Time Warner Cable reported that its services had slowed because of a DDoS attack against its DNS servers.

A cat-and-mouse game is playing out between security experts creating tools for finding viruses, Trojan horses and worms, and hackers finding new ways to circumvent them. Success lies in joining multiple elements rather than finding a single weakness. The massive spread of Conficker illustrates this shift in strategy.

Analysis of a botnet

Starting in November, Conficker spread between Windows computers through a vulnerability that had been patched by a Microsoft Windows update a month earlier. Within a few days, millions of computers had been infected, particularly in countries like China, Russia and Brazil, where pirated copies of Windows did not receive security updates.

After the initial infection, the criminals updated the software so that it could infect other computers via USB drives and local area networks (LANs), even ones that had received the Microsoft patch. A single unpatched laptop could infect an entire office when it was brought into work. Massive infections were reported worldwide, including military computers in the UK, France and Germany.

Then the criminals added more features that blocked infected computers from going to Web sites of security companies and blocked security applications, making it more difficult to remove the malicious software. It was not until four months after it was launched, when the Conficker code had taken control of millions of computers, that it began its first malicious activities. In early April, infected computers started installing scareware and spam software. Scareware tells users they have been infected, but that the virus can be cleaned out if they spend $50 on bogus security software.

As of this writing, no one has found the Conficker authors, even though Microsoft has posted a $250,000 reward, and security personnel have launched one of the biggest bot hunts in history.

Tracking the botnets

Botnets communicate with their controller and locate potential targets over the Internet, which provides ISPs and security personnel an opportunity to study them and, in some cases, control or dismantle them.

Deep packet inspection (DPI) lets cable operators see botnet traffic in progress. In some cases, operators have blocked traffic for IRC, a service commonly used for managing botnets. However, these tactics can anger legitimate users.

Botnet owners typically cause the machines to check in with a server at a specific domain name. Initially, Conficker was instructing infected machines to check 250 different domain names every day to find one with an update or instructions. Hackers only had to control one domain name to send out new commands. But security professionals were able to secure all of these.

The Conficker authors then raised the bar by having the zombies check 500 out of 50,000 different domain names every day. Despite this large number, security professionals succeeded in locking all of these Web sites out of the hands of the hackers, noted Jose Nazario, manager of security research at Arbor Networks.

Infected machines downloaded new updates only because hackers had developed another mechanism to send updates via a peer-to-peer (P2P) network. Nazario said that because of the success of their efforts at blocking these attacks, the hackers eliminated the mechanism for checking Web sites for updates.
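
How defenders can use a predictable daily domain list, as an added example that is not part of the original article: once the list for a day can be computed, the same list drives both pre-registration and detection of infected clients in DNS logs. The generator below is a constructed stand-in (not Conficker's algorithm), and the log format, IP addresses and threshold are assumptions.

```python
import hashlib
from collections import defaultdict
from datetime import date

TLDS = ("com", "net", "org", "info", "biz")  # constructed list, not Conficker's


def candidate_domains(day: date, pool_size: int = 250) -> set[str]:
    """Constructed stand-in for a date-seeded generator: anyone who knows
    the algorithm derives the same pool of names for a given day."""
    pool: set[str] = set()
    i = 0
    while len(pool) < pool_size:
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        # Map hex digits to letters a..p so labels look like random hostnames.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        pool.add(f"{label}.{TLDS[int(digest[10:12], 16) % len(TLDS)]}")
        i += 1
    return pool


def flag_hosts(dns_log, day: date, pool_size: int = 250, threshold: int = 5):
    """Return {client_ip: distinct_hits} for clients that looked up at least
    `threshold` distinct names from the day's pool.

    Assumed log line format: '<ISO timestamp> <client ip> <query name>'.
    """
    pool = candidate_domains(day, pool_size)
    hits = defaultdict(set)
    for line in dns_log:
        ts, client, qname = line.split()
        if not ts.startswith(day.isoformat()):
            continue  # a different day has a different pool
        qname = qname.rstrip(".").lower()  # normalise trailing dot and case
        if qname in pool:
            hits[client].add(qname)
    return {c: len(names) for c, names in hits.items() if len(names) >= threshold}


def sample_log(day: date) -> list[str]:
    """Constructed DNS log: one client walking the pool, one normal client."""
    pool = sorted(candidate_domains(day))
    d = day.isoformat()
    lines = [f"{d}T09:00:{i:02d}Z 10.0.0.23 {name}." for i, name in enumerate(pool[:8])]
    lines.append(f"{d}T09:01:00Z 10.0.0.41 www.example.com.")
    # A single stray match stays below the threshold and is not flagged.
    lines.append(f"{d}T09:01:05Z 10.0.0.41 {pool[0].upper()}")
    return lines


if __name__ == "__main__":
    day = date(2009, 4, 1)  # constructed example date
    print(flag_hosts(sample_log(day), day))
```

Raising `pool_size` to 50,000 shows why the larger pool was a burden on defenders: every name has to be covered, while each infected machine only needs one of its daily lookups to succeed.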

The future of security looks more like a partnership among service providers, Internet routing and DNS organizations, security personnel and law enforcement. As criminal hackers become more sophisticated, no one magic bullet will solve the security challenge.

An unintended benefit of Conficker is that it raised the security bar. Nazario said: “It is encouraging that so many folks could put aside competitive differences and work together for a common goal that cuts across different silos in operations and research communities. Traditionally, the folks that do routing, run DNS servers, and security researchers don’t talk to each other. This was a huge change.”

Online attack code has been released targeting a critical, unpatched flaw in the Firefox browser.

The attack code, written by security researcher Guido Landi, was published on several security sites Wednesday, sending Firefox developers scrambling to patch the issue. Until the flaw is patched, this code could be modified by attackers and used to sneak unauthorized software onto a Firefox user’s machine.

Mozilla developers have already worked out a fix for the vulnerability. It’s slated to ship in the upcoming 3.0.8 release of the browser, which developers are now characterizing as a “high-priority firedrill security update,” thanks to the attack code. That update is expected sometime early next week.

“We… consider this a critical issue,” said Mozilla Director of Security Engineering Lucas Adamski in an email.

The bug affects Firefox on all operating systems, including Mac OS and Linux, according to Mozilla developer notes on the issue.

By tricking a victim into viewing a maliciously coded XML file, an attacker could use this bug to install unauthorized software on a victim’s system. This kind of Web-based malware, called a drive-by download, has become increasingly popular in recent years.

While the public release of browser attack code doesn’t happen all that often, security researchers don’t seem to have much trouble finding bugs in browser software. Last week, two hackers at the CanSecWest security conference dug up four separate bugs in the Firefox, IE and Safari browsers.

The message that popped into Laurie Gale’s Facebook inbox last month seemed harmless enough — a friend had seen a video of Ms. Gale and had sent a link so Ms. Gale could view it. The link led to a video site that prompted her to update her video software, which she did.

“Within seconds, everything started shutting itself down,” says Ms. Gale, a 37-year-old lamp-works artist from Versailles, Ky. Ms. Gale’s new Dell Inspiron laptop had been infected with malicious software, or malware, that has spread through social networking sites like Facebook and MySpace.

“I cried for an hour,” Ms. Gale says. It took a trip to the local computer repair shop and several phone calls with Dell customer-service representatives for her to restore the computer to its factory settings. “It was three days of torture.”

The popularity of social networks and social media sites has grabbed the attention of cyber crooks searching to pilfer passwords, called “phishing,” and steal sensitive personal information. The hackers are exploiting users’ sense of safety within these sites, says Pat Clawson, chief executive of Lumension Security, a computer security company.

Earlier this month, Twitter, a social site in which users communicate in short bursts of text, was hit in a campaign to steal users’ account passwords. On business-networking site LinkedIn, criminals set up fake celebrity profiles that, when visited, downloaded malware onto users’ machines.

Malware attacks in social networks are just as dangerous as ones conducted via email, security experts say. Hackers can mine infected computers for sensitive data like log-ins and passwords to financial sites. Infected computers can also be used to send out spam emails by the thousands.

Since the messages appear to come from friends, users often think they are safe, says Jose Nazario, a security researcher at Arbor Networks, a network-security company in Chelmsford, Mass. “I think the No. 1 thing that people have to remember is that it’s not as gated of a community as you think it is,” he says.

The malware that has made its way through social networks differs from the so-called “Conficker” worm that has spread to millions of personal and business computers in recent weeks, according to security experts. On social networks, malware writers typically trick users into infecting their own computers. The Conficker worm spreads through a vulnerability in Microsoft Windows and infected USB drives.

The attacks via social networks vary in means and intent. Messages may lure users with requests to click on a link to look at a photo or a video. The link may take the user to a phishing site or a site with malware. Some of the spam may be harmless advertising, but users should never risk clicking on such links, security experts say.

Sonny Holmes, a new Facebook user, got a message from his daughter in December about a photo she saw of him. He clicked on the link, and it sent him to a site that asked for his email account, Social Security number and several personal health questions. “I decided post haste that I wasn’t going to answer any of those questions,” says Mr. Holmes, a 59-year-old pastor from North Charleston, S.C.

Later, his Facebook account started spamming all of his contacts. His laptop slowed to a crawl. Mr. Holmes had his church’s information-technology department look at the computer, which the tech person was able to repair. Now “I’m very suspicious of things people send me,” Mr. Holmes says.

Fewer than 1% of Facebook’s 150 million users have become infected with malware using the site, says Max Kelly, Facebook’s director of security. The site started seeing an uptick in malware attacks last summer.

Facebook uses automated systems to watch for unusual activity like accounts spamming their contacts, Mr. Kelly says. Once a compromised account is detected, Facebook will have the account’s passwords reset, and spam messages get deleted. Facebook says it will pursue legal action against parties targeting its users. Just last year, the company filed a civil suit and was awarded $873 million in damages in a default judgment against Atlantis Blue Capital and its Canadian owner for sending Facebook users unsolicited advertisements. The company’s owner couldn’t be located for comment.

MySpace saw malware attacks last summer, though the company says it hasn’t had any reports of it in recent months. Only a “negligible amount” of MySpace’s users have been infected with malware, according to the company. (MySpace is owned by News Corp., which also publishes The Wall Street Journal.)

Twitter co-founder Biz Stone says programmers at the site improved the log-in security after a phishing campaign snared unsuspecting users. In it, users were sent messages saying something like, “Hey, check out this funny blog about you,” along with a link. The link took users to a phony Twitter log-in page where users were prompted to enter their passwords.

Mr. Stone says Twitter has a team that investigates malware threats, phishing attacks and spam on the site. The company also has automated processes that monitor for and delete malicious messages and links, he adds.

LinkedIn Corp. took action when phony accounts of celebrities promised nude photos. The accounts led to sites that contained malware. LinkedIn officials say they removed the fake accounts, but declined to say whether any users’ computers were infected.

“We take these matters very seriously and remove these kinds of inappropriate profiles,” says Kay Luo, a spokeswoman for LinkedIn. “In addition, we are continually adding new technologies and security protocols to prevent this type of abuse.”

Users should use the same caution with messages on social networks as they would with email, says Ryan Naraine, a security expert with Kaspersky Lab, a computer-security company. Users should be especially wary of any messages from friends that don’t sound like their friends wrote them. If they don’t normally write OMG in a message, it’s probably not them, says Mr. Kelly, Facebook’s director of security.

Web-based e-mail users take note: use strong passwords, and think carefully about the secret questions and answers you provide when creating new accounts.

The private e-mail account of Republican vice presidential candidate and Alaska Gov. Sarah Palin was apparently hacked earlier this week, and screen captures of e-mail messages, family photos, and the e-mail inbox were posted on a Web site.

The internet griefers known as Anonymous took credit for the intrusion, and screenshots of e-mail messages and photos belonging to the Alaska governor have been published by WikiLeaks. Threat Level has confirmed the authenticity of at least one of the e-mails.

“This is a shocking invasion of the Governor’s privacy and a violation of law,” Rick Davis, McCain-Palin campaign manager said in a statement. “The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them. We will have no further comment.”

FBI spokesman Brian Hale said, “The FBI is aware of the alleged hacking incident involving Alaska Governor Sarah Palin and is coordinating with the United States Secret Service on the matter.”

Facebook users are being targeted by malicious hackers through postings on the popular Wall section of the social-networking site, security company Sophos said Thursday.

The Wall, a core feature of Facebook profile pages, is used by members to leave each other messages that in addition to text can also contain photos, videos, music and links to Web sites.

The malware attack comes in the form of a Wall message supposedly posted by a friend that urges members to click on a link to view a video on a Web site supposedly hosted by Google, said Graham Cluley, senior technology consultant for Sophos.

However, the link takes users to a Web page that isn’t hosted by Google, where they are told they need a new version of Adobe’s Flash player and are urged to download an executable file to watch the video.

The file is really a Trojan horse, Troj/Dloadr-BPL, that funnels other malicious code detected as Troj/Agent-HJX into users’ machines. Once it has done that, it displays an image of a court jester sticking his tongue out.

While on the surface this might seem a practical joke from a friend, in reality it means the PC has been compromised and malicious hackers have gained control over it to use it for a variety of purposes, such as sending spam or distributing malware. “They now own your PC,” Cluley said.

Malicious hackers have been employing this malware distribution technique for many years on e-mail messages, so many users know to avoid these traps. However, people may be less vigilant in more closed and controlled environments such as social-networking sites.

For example, in this case, the malicious Wall message is masked as coming from someone on the user’s list of Facebook friends, increasing the likelihood that the link will be clicked on. “Be very suspicious of Wall postings asking you to click on a link to go watch a video,” he said.

The friend whose name appears with the video has had his PC or Facebook account compromised in some way that lets malicious hackers perform actions without the friend’s knowledge. It’s possible that the affected friend previously fell for the “court jester” trap, and his PC and Facebook accounts are being used to propagate the scheme, he said.

The attack is the latest in a rising trend of malicious hackers using social-networking sites to distribute malware. These sites offer an attractive distribution channel because people feel safer and are more willing to follow links and perform actions if they think a friend is urging them to do so. In fact, it could be a malicious hacker posing as a friend,

If people click on a third-party Web site link and a message pops up asking them to download software into their machines, they should never go ahead with the software download. If they feel they should upgrade their Flash player, they should do so only from Adobe’s Web site, Cluley said.

The news is also relevant for IT departments of companies where employees are allowed to use Facebook at work, Sophos said. Given the wide popularity of social networking for personal and business communications, IT managers should draft policies regarding the proper use of these sites by employees, Sophos said. IT managers should also consider whether they need additional security wares if they decide to allow these sites to be accessed from the office.

“The users inside your company may be more willing to click on a link in a Facebook Wall message than they would in a corporate e-mail,” he said.

For example, many IT departments have installed products that scan e-mail traffic to intercept malware and spam, but with many Web sites now being used to host malware, it’s a good idea to also install a security device that scans all office Web traffic and any software downloads that employees attempt to make.

So far, the Facebook Wall attack seems to target Windows PCs and laptops.

Facebook, which has about 80 million active users worldwide, didn’t immediately reply to a request for comment.

The prompt to download an upgraded Flash player is apparently becoming popular with malicious hackers. This week, Adobe posted its own alert warning people not to fall for this trick. Apparently, the bogus Flash message is part of other malware attacks that use microblogging site Twitter and other social sites.

Last week, security company Kaspersky Lab warned of new worms targeting MySpace and Facebook users via automatically generated comments and messages to those on their lists of friends.

*#2820# – Get the Bluetooth (BT) device address
*#62209526# – Get the MAC address of the WLAN adapter; this information is only available on the new models (S60 3rd edition) which have WLAN.
*#92702689# (WAR0ANTY) – Enter the warranty menu; this code doesn’t work on all Series 60 phones.

WARNING: here is a list of some dangerous codes; use them with care, I’m not responsible for any damage …

*#7780# – Reset to the original settings; some information may also be deleted and need to be re-entered.

*#7370# – Soft format – this will reset all the phone memory (like re-formatting a disk); make sure the battery is fully charged!